Wednesday, December 4, 2024

Firefox Buggier than IE: Which is Safer?

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

For all the grief Microsoft Corp. takes about having buggy software, a

new study shows the Mozilla Foundation’s Firefox actually had nearly

twice as many reported vulnerabilities as Internet Explorer in a

six-month span.

Does that make Explorer a safer browser to use?

Not necessarily, say security analysts. It just means IT administrators

and users need to be on alert no matter what browser they’re using.

”I can’t say that Internet Explorer is more secure than Firefox, but it

highlights the fact that no matter which browser you’re using, they have

vulnerabilities and it doesn’t matter if they’re open source or

proprietary,” says Gordon Haff, an analyst at Illuminata, an industry

analyst firm based in Nashua, N.H. ”You have to keep everything

up-to-date.”

Symantec’s Internet Security Threat Report, a twice annual analysis of

Internet security activity, shows that between January and June of this

year, Mozilla’s browser had 25 reported vulnerabilities — 18, or 72 percent, were

critical. In the same time period, Microsoft’s Internet Explorer had 13

reported vulnerabilities — eight, or 62 percent, were critical.

Patrick Martin, senior manager for security response at Symantec Corp.,

says Mozilla’s numbers from the first half of this year, actually were an

improvement over the second half of 2004, when it had 31 reported

vulnerabilities. Internet Explorer also is doing better, since it had 30

in that same time frame. Mozilla has produced more than one browser, but Firefox is far and away it’s most popular browser and the one mainly being measured in the study.

Martin says the report has ”raised a few eyebrows” since Firefox, an

open source browser, frequently is thought of as the safer alternative to

Internet Explorer. Firefox has picked up a strong number of new users in

the last year with many people looking to switch away from Microsoft’s

browser.

Apples and Oranges

Ken van Wyk, principal consultant for KRvW Associates, LLC and a

columnist for eSecurityPlanet, says many people may now suspect Internet

Explorer is a safer browser to use, but they should be careful about

comparing apples and oranges.

”The Mozilla code is out there. Anybody can look at it,” says van Wyk,

who is a Firefox user and plans to stay that way. ”Microsoft source code

is proprietary. It’s not available for public scrutiny. You’re comparing

based on two very different sets of inputs.

”Firefox is a newer product that has been out in the open source space

for a relatively short period of time,” he adds. ”It hasn’t been

exposed to public scrutiny for all that long. It’s not surprising to find

that many bugs in a product so new. It’s disappointing though.”

Ken Dunham, a senior engineer for VeriSign iDefense Intelligence based in

Mountain View, Calif., says it also comes down to how many virus writers

are attacking an application. Firefox has been relatively safe from

attack, whereas Internet Explorer has taken more than its share of hits.

”If you look at the numbers, who gets attacked? Internet Explorer users,

and especially IE users who are not patched,” says Dunham. ”I can say

that Firefox has fewer exploits to date and offers security through

obscurity. That might change in the future. There’s just not near as many

attacks, but the reality is it has a number of vulnerabilities that can

be exploited.”

Dunham, like the other analysts interviewed, says it comes down to being

vigilant no matter what browser you’re using.

”There’s no magic bullet,” says Dunham. ”If you’re on the Internet,

there are ways to be hit. Firefox offers security through obscurity.

There has only been one malicious code to date for Firefox-related

exploits. And there are hundreds for IE. People say, ‘I use Firefox so I

don’t get viruses.’ But this just shows that there is no magic bullet.”

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles